CISA: Full-Aggregation & Interactivity issuesCISA: Full-Aggregation & Interactivity issues

ReminderReminder

In the previous post, we explained:

• Half-Agg → Non-interactive
• Full-Agg → Interactive

🔍 What does "interactivity" mean?🔍 What does "interactivity" mean?

Let’s break it down 👇

Creating an aggregate signature requires communication between participants

Let’s illustrate this with Alice and Bob

To create Sigₐgg, Alice and Bob must exchange cryptographic commitments.

After sharing commitments, each signer creates a partial signature

Partial signatures are then combined to produce the final aggregate signature

Sigₐgg = (∑Rᵢ, ∑sᵢ)

❌ This is the flaw with Full-Agg❌ This is the flaw with Full-Agg

⚠️ For protocols like CoinJoin or PayJoin,⚠️ For protocols like CoinJoin or PayJoin,

Full-Agg introduces complexity:

✅ But Full-Agg works great✅ But Full-Agg works great

when one user controls all inputs

(Source: HRF CISA Research Paper)

🧬 The hybrid approach🧬 The hybrid approach

Combine Full-Agg and Half-Agg

from: hrf.org/latest/cisa-research-paper

Follow @Bitcoin_Devs for more Bitcoin technical posts.